| config SECURITY_APPARMOR |
| bool "AppArmor support" |
| depends on SECURITY && NET |
| select AUDIT |
| select SECURITY_PATH |
| select SECURITYFS |
| select SECURITY_NETWORK |
| default n |
| help |
| This enables the AppArmor security module. |
| Required userspace tools (if they are not included in your |
| distribution) and further information may be found at |
| http://apparmor.wiki.kernel.org |
| |
| If you are unsure how to answer this question, answer N. |
| |
| config SECURITY_APPARMOR_BOOTPARAM_VALUE |
| int "AppArmor boot parameter default value" |
| depends on SECURITY_APPARMOR |
| range 0 1 |
| default 1 |
| help |
| This option sets the default value for the kernel parameter |
| 'apparmor', which allows AppArmor to be enabled or disabled |
| at boot. If this option is set to 0 (zero), the AppArmor |
| kernel parameter will default to 0, disabling AppArmor at |
| boot. If this option is set to 1 (one), the AppArmor |
| kernel parameter will default to 1, enabling AppArmor at |
| boot. |
| |
| If you are unsure how to answer this question, answer 1. |
| |
| config SECURITY_APPARMOR_HASH |
| bool "SHA1 hash of loaded profiles" |
| depends on SECURITY_APPARMOR |
| select CRYPTO |
| select CRYPTO_SHA1 |
| default y |
| |
| help |
| This option selects whether sha1 hashing is done against loaded |
| profiles and exported for inspection to user space via the apparmor |
| filesystem. |